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Abstract 

This paper analyzes the security of a recently-proposed signal encryption scheme 
based on a filter bank. A very critical weakness of this new signal encryption pro- 
cedure is exploited in order to successfully recover the associated secret key. 
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1 Introduction 



The application of chaotic systems to cryptographical issues has been a very 
important research topic since the 1990s [1-4]. This interest was motivated 
by the close similarities between some properties of chaotic systems and some 
characteristics of well-designed cryptosystems [5, Table 1]. Nevertheless, there 
exist security defects in some chaos-based cryptosystems such that they can 
be partially or totally broken [6-11]. 

In [12] the encryption procedure is carried out by decomposing the input 
plaintext signal into two different subbands and masking each of them with 
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a pseudo-random number sequence generated by iterating the chaotic logistic 
map. The decomposition of the input plaintext signal x[n\ is driven by 



to[n]=KQ^x[m\ho[2n- m], (1) 

Vm 

ti[n]=/s:i^x[m]/ii[2n-m], (2) 



Vm 



where h^, hi are so-called "analysis filters" and i^o, Ki are gain factors. 

Then, the masking stage generates the ciphertext signal (fo[n], f i[n]) according 
to the following equations: 



vo[n]=to[n] + aQ{ti[n]), (3) 
vi[n]=ti[n] - ai{vQ[n]), (4) 

where ai{u) = u + Si[n] and sjn] is the state variable of a logistic map with 
control parameter Aj G (3, 4) defined as follow^ 

Si[n] = \iSi[n-l\{l- Si[n-l\). (5) 

Substituting = u + Si[n\ into Eqs. ([3]) and (j4]), we have 

"^0 N = (^0 [n] + ti [n] ) + So [n] , (6) 
vi [n] = (ti [n] - vo [n] ) - si [n] . (7) 

The secret key of the cryptosystem is composed of the initial conditions and 
the control parameters of the two logistic maps involved, i.e., sq[0], si[0], Aq 
and Ai. 

The decryption procedure is carried out by doing 

ti[n]=vi[n] + ai{vo[n]), (8) 
tQ[n]=Vo[n] - ao(^iM)- (9) 

Then, the plaintext signal is recovered with the following filtering operations: 
= T^T.ioHfo[n - 2m] + ^^t,[m]/i[n - 2m], (10) 

^0 Vm ^1 Vm 



^ In [12] , the authors use xi to denote the state variable of the logistic map. However, 
this nomenclature may cause confusion because the plaintext signal is denoted by x. 
Therefore, we turn to use another letter, s. In addition, we unify the representation 
of Xi{k) to be in the form Si[n\ because all other signals are in the latter form. 
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Fig. 1. Bifurcation diagram of the logistic map 

where /o, /i are so-called "synthesis filters". To ensure the correct recovery of 
the plaintext signal, the analysis and synthesis filters must satisfy a certain 
requirement as shown in Eq. (8) of [12]. The reader is referred to [12] for more 
information about the inner working of the cryptosystem. 

This paper focuses on the security analysis of the above cryptosystem. The 
next section points out a security problem about the reduction of the key 
space. Section [3] discusses how to recover the secret key of the cryptosystem 
by a known-plaintext attack. In the last section the conclusion is given. 



2 Reduction of the key space 



As it is pointed out in [5, Rule 5], the key related to a chaotic cryptosystem 
should avoid non-chaotic areas. In [12] it is claimed that the key space of the 
cryptosystem under study is given by the set of values Aj and Si[0] satisfying 
3 < Aj < 4 and < Sj[0] < 1 for z = 0, 1. However, when looking at the bifur- 
cation diagram of the logistic map (Fig. [1]), it is obvious that not all candidate 
values of Aj and Sj[0] are valid to ensure the chaoticity of the logistic map. 
There are periodic windows which have to be avoided by carefully choosing 
Aj. As a consequence, the available key space is drastically reduced. 
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3 Known-plaintext attack 



In a known-plaintext attack the cryptanalyst possesses a plaintext signal 
{x[?7,]} and its corresponding encrypted subband signals {^oW} and {fi[n]}. 
Because {/ioM}, {^iM}, Kq and Ki are public, we can get {toM} and 
from {a;[n]}. Then we can get the values of {so[?7.]} and {si[n]} as follows: 



So[n\ =Vo[n\ - to[n] - ti[n], (11) 
Si[n]= ti [n] - Vq [n] - Vi[n]. (12) 

For n = 0, the values of the subkeys So[0] and Si[0] have been obtained. 
Furthermore, we can obtain the control parameters by just doing the following 
operations for i = 0,1: 

^ s,[n + l] 

s,[n]il - s.[n]y ^'^^ 

In [12], the authors did not give any discussion about the finite precision about 
the implementation of the cryptosystem in computers. If the floating-point 
precision is used, then the value of Aj can be estimated very accurately. It was 
experimentally verified that the error for the estimation of Aj using (fT5]l . and 
working with floating-point precision, was never greater that 4 ■ 10~^^. If the 
fixed-point precision is adopted, the deviation of the parameter Aj estimated 
exploiting Eq. (fT3l) from the real Aj may be very large. Fortunately, according 
to the following Proposition [1] [13, Proposition 2], the error is limited to 2^/2^ 
(which means only 2^ possible candidate values to be further guessed) when 
s[n + l] > 0.5. 

Proposition 1 Assume that the logistic map s[n + 1] = A ■ s[n] ■ (1 — s[n]) 
is iterated with L-bit fixed-point arithmetic and that s{n + 1) > 2^', where 
1 < i < L. Then, the following inequality holds: |A — A| < 2*+^/2-^, where 
~ _ s[n + l] 

s[n] ■ (1 — s[n]) 



4 Conclusion 



In this paper we have analyzed the security properties of the cryptosystem 
proposed in [12]. It has been shown that there exists a great number of weak 
keys derived from the fact that the logistic map is not always chaotic. In ad- 
dition, the cryptosystem is very weak against a known-plaintext attack in the 
sense that the secret key can be totally recovered using a very short plaintext. 
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Consequently, the cryptosystem introduced by [12] should be discarded as a 
secure way of exchanging information. 
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